Kata for hackers

I know you want to be this cool.

What is a “Kata”

The Japanese word for “form”; a kata is a set of moves, intended to be executed in a linear fashion. You find this in Karate, as well as other martial arts styles (sometimes by different names). While you progress through the ranks, you may learn any number of katas. They teach you to tie various moves together, and help to imprint those movements into your mind. Additionally, they help you to find a good excuse to train the movements routinely – focusing on completing the set of movements.

It’s one thing to train a movement like a punch, by itself. This is awkward, boring, and generally lame. Training to complete a set of movements, in order, with precision, is far more appealing. This means you’re more likely to actually train the movements, and therefore more likely to get great at them!

If you haven’t seen a kata before, check out this video:

How does this apply to cybersecurity?

I see far too many hackers learning how to manipulate systems by doing little more than reading about attacks. You might have a great textbook. But if you have any experience in the field, then you know that when you’re actually trying to fight your way into a computer network, time is often of the essence. You need to know instinctively how to respond to a scenario, and you need to act with precision.

Having knowledge sitting in the back of your mind will leave you like many hackers, treating the hack as a ‘puzzle’ to be slowly unlocked, when in reality most hacks are rather obvious. The ‘puzzling’ element is often the time it takes the hacker to remember the technique they need.

One step up from simply reading about a technique is practicing that technique in a lab environment. Labs are great, since they give you practical experience. But if you train yourself to treat every attack as a ‘puzzle’, you’ll still fall into the same trap.

Example Kata

The following is an example cyber-kata. Practice the moves exactly as written, until you can execute them entirely from memory, with perfect precision.

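# Host discovery only (ping scan, no port scan) against localhost
nmap -sn 127.0.0.1/32
# Port scan at the fastest timing template, skipping host discovery
nmap -T5 -Pn 127.0.0.1/32
# Print your own public IP address
curl ipecho.net/plain
# SYN scan (needs root) of that public address at the normal timing template
nmap -T3 -sS $(curl ipecho.net/plain)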

What you just performed is a small recon kata, which teaches you commands you’ll need to know in order to launch the first stage of an attack. If you have experience in this field, you may already know the commands. But if you haven’t seen some of these before, practice the kata a few times. You’ll find that the commands stick in your mind much better than before.

It’s a little silly that we keep insisting on re-inventing the wheel. Martial arts have been around for thousands of years – they’re certainly not perfect – but they have lessons to teach us about how people learn. Try out a cyber-kata. While other hackers are flipping through their books, you’ll already have a shell.

About the author

Professional hacker & security engineer. Currently at Google, opinions all my own. On Twitter as @zaeyx. Skydiver, snowboarder, writer, weightlifter, runner, energetic to the point of being a bit crazy.
